← back
CVE-2014-0755

Rockwell RSLogix 5000 Insufficiently Protected Credentials

CVSS 6.3 EPSS 0.6%CWE-522
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.3EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
05 Feb 2014Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.
AV:L/AC:M/Au:N/C:C/I:C/A:N
Affected products
Rockwell Automation · RSLogix 5000 software

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01http://osvdb.org/102858https://exchange.xforce.ibmcloud.com/vulnerabilities/90981https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204https://www.cisa.gov/news-events/ics-advisories/icsa-14-021-01http://www.securityfocus.com/bid/65337